manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "m_id=1 AND SLEEP(5)" substring.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/joyplus/joyplus-cms/issues/432 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-07-22T17:00:00
Updated: 2024-08-05T09:29:51.698Z
Reserved: 2018-07-22T00:00:00
Link: CVE-2018-14501
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-07-22T17:29:00.363
Modified: 2024-11-21T03:49:12.240
Link: CVE-2018-14501
Redhat
No data.